hashcat Forum
decryption problem with enctype 7500 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: decryption problem with enctype 7500 (/thread-6318.html)



decryption problem with enctype 7500 - lily~hashcat - 02-20-2017

I try to use cudaHashcat 1.35 to decrypt two hash of the encryption type 7500(kerberos 5 AS-REQ-Pre-Auth etype 23). The first hash(signed as hash1) comes from the hashcat forum and I use the command '$krb5pa$23$user$realm$salt$hash1' to decrypt it. The second hash(signed as hash2 ) comes from my experinment: I use wireshark to get the kerberos 5 AS-REQ pack, then pick up the enc PA-ENC-TIMESTAMP as the second hash. Also, I use the command '$krb5pa$23$user$realm$salt$hash2' to decrypt it. The first hash can be decrypted successfully butĀ  I failed to decrypt the second hash. What should I do?



RE: decryption problem with enctype 7500 - epixoip - 02-20-2017

v1.35 was released 2 years ago, and cudaHashcat doesn't even exist anymore. Upgrade to hashcat 3.30 or newer before reporting any bugs or errors.


RE: decryption problem with enctype 7500 - lily~hashcat - 02-24-2017

Follow the above suggestion, I tried hashcat 3.30. However the problem can't be solved yet. Here is hash1 used in my testcase:
$krb5pa$23$user21$realm22$salt1234$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835. It is from the hashcat forum.
This is hash2:
$krb5pa$23$user21$realm22$salt1234$5c7698871dc87e96aacd8a94614a48b327bf06b64879150a863ba8246f50f70eda670b1b1370d7d5a2aa81487603b3de31e3024d. I copied it from the keberos AS-REQ package.
What should i do now?


RE: decryption problem with enctype 7500 - atom - 02-25-2017

I think you need to update the salt as well


RE: decryption problem with enctype 7500 - lily~hashcat - 02-27-2017

I find that if I change the value of the "user", "realm" and "salt" at will in hash1, it can still be decryted successfully. So there are two another questions. First, does the decryption of kerberos enctype 23 need a salt? Second, If it needs a salt, where can I find it in the kerberos AS-REQ package?


RE: decryption problem with enctype 7500 - atom - 02-27-2017

Yes, it's salted. See: https://hashcat.net/wiki/doku.php?id=example_hashes

I don't know about that kerberos AS-REQ package you're talking about.


RE: decryption problem with enctype 7500 - lily~hashcat - 02-28-2017

The AS-REQ package is one of the message types of kerberos protocol during the authentication. I get it from the network which takes kerberos as its authentication way by using wireshark. Then I pick up the '
enc PA-ENC-TIMESTAMPĀ ' in this package as the input hash of the algorithm of 7500 to decrypt. Also, I can find other corresponding parameters include 'user' and 'realm' in the AS-REQ package. But I haven't found the 'salt'. So, where can i find the corresponding salt of the input hash?


RE: decryption problem with enctype 7500 - atom - 02-28-2017

I don't know how the hash is extracted, but I know it's salted.